单选题You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()AAdd Group1 to the local Administrators group.BAdd Group1 to the Certificate Publishers group.CAssign the Manage CA permission to Group1.DAssign the Issue and Manage Certificates permission to Group1.
单选题
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
A
Add Group1 to the local Administrators group.
B
Add Group1 to the Certificate Publishers group.
C
Assign the Manage CA permission to Group1.
D
Assign the Issue and Manage Certificates permission to Group1.
参考解析
解析:
暂无解析
相关考题:
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements: - Allows the certification authority to automatically issue certificates - Integrates with Active Directory Domain Services What should you do()A、Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .B、Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .C、Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate SD、Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()A、Add a data recovery agent to the Default Domain Policy.B、Modify the value in the Number of recovery agents to use box.C、Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.D、Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()A、certutil.exe backupB、certutil.exe backupdbC、certutil.exe backupkeyD、certutil.exe store
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates. Users are required to log on to the domain by using a smart card. Your company’s corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked. An employee resigns. You need to immediately prevent the employee from logging on to the domain. What should you do()A、Revoke the employee’s smart card certificate.B、Disable the employee’s Active Directory account.C、Publish a new delta certificate revocation list (CRL).D、Reset the password for the employee’s Active Directory account.
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()A、Run certutil.exe -pulse.B、Run certutil.exe -installcert.C、Change the certificate template to a Version 2 certificate template.D、On the certificate template, assign the Autoenroll permission to the users.
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()A、an account that is a member of the Certificate Publishers group in the child domainB、an account that is a member of the Certificate Publishers group in the forest root domainC、an account that is a member of the Schema Admins group in the forest root domainD、an account that is a member of the Enterprise Admins group in the forest root domain
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Revocation List Distribution Point extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.
ou have a Windows Server 2008 Enterprise Root CA. Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA. You need to allow users to request certificates from a Web interface. You install the AD CS role. What should you do next()A、Configure the Online Responder Role Service on a member server.B、Configure the Online Responder Role Service on a domain controller.C、Configure the Certification Authority Web Enrollment Role Service on a member server.D、Configure the Certification Authority Web Enrollment Role Service on a domain controller.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Distribution Point (CDP) extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()A、Active Directory Administrative CenterB、Certification AuthorityC、Certificate TemplatesD、Group Policy Management
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates. Users are required to log on to the domain by using a smart card. Your companys corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked. An employee resigns. You need to immediately prevent the employee from logging on to the domain. What should you do()A、Revoke the employees smart card certificate.B、Disable the employees Active Directory account.C、Publish a new delta certificate revocation list (CRL).D、Reset the password for the employees Active Directory account.
单选题You have a computer that runs Windows 7 Professional. A USB disk is attached to the computer. You needto ensure that you can enable BitLocker To Go on the USB disk. What should you do?()AEnable Encrypting File System (EFS).BUpgrade the computer to Windows 7 Enterprise.CInitialize the Trusted Platform Module (TPM) hardware.DObtain a client certificate from an enterprise certification authority (CA).
单选题You need to design a PKI for the Northwind Traders internal network. What should you do?()AAdd an enterprise root CA to the northwindtraders.com domain. Configure cross-certification between the northwindtraders.com domain and the boston.northwindtraders.com domainBAdd an enterprise subordinate issuing CA to the northwindtraders.com domain. Configure qualified subordination for the enterprise subordinate issuing CA in BostonCAdd enterprise subordinate issuing CAs to the New York, Boston, and Seattle LANs. Configure qualified subordinations for each enterprise subordinate issuing CADAdd a stand-alone commercial issuing CA to only the northwindtraders.com domain. Configure cross-certification between the commercial CA and the boston.northwindtraders.com domain
单选题You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()AActive Directory Administrative CenterBCertification AuthorityCCertificate TemplatesDGroup Policy Management
单选题You need to design a PKI for Litware, Inc. What should you do?()AAdd one offline stand-alone root certificate authority(CA).Add two online enterprise subordinate CAsBAdd one online stand-alone root certification authority(CA).Add two online enterprise subordinate CAsCAdd one online enterprise root certification authority CA).Add one offline enterprise subordinate CADAdd one online enterprise root certification authority(CA).Add two online enterprise subordinate CAs
单选题Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort. What do you do first()AInitialize the Trusted Platform Module (TPM)BUpgrade the menber server to Windows Server 2008 R2 Standard.CInstall the Certificate Enrollment Policy Web Service role service on the member server.DRun the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services - Certification
多选题You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server2 to issue certificate revocation lists (CRL) for the enterprise root CA. Which two tasks should you perform()AImport the enterprise root CA certificate.BImport the OCSP Response Signing certificate.CAdd the Server1 computer account to the CertPublishers group.DSet the Startup Type of the Certificate Propagation service to Automatic.
单选题Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()Aan account that is a member of the Certificate Publishers group in the child domainBan account that is a member of the Certificate Publishers group in the forest root domainCan account that is a member of the Schema Admins group in the forest root domainDan account that is a member of the Enterprise Admins group in the forest root domain